[PATCH] D140663: CUDA/HIP: Use kernel name to map to symbol

Artem Belevich via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Fri Mar 17 17:26:57 PDT 2023


tra added a comment.

It appears that this patch may be causing a use-after-free when we attempt to generate kernel registration code.
The root cause is that the value we insert into `KernelHandles` by name is later on replaced by a different instance of the global value with the same name.
AFAICT, the invalidation issue was present before but we accidentally avoided it because we only looked up the still-valid new entries. The dangling references were still in the map, but not accessed.

It's reproducible on this example: https://godbolt.org/z/qGYTr3Ej5

Here's the stack trace for the call path which frees the old entry:

  #3  0x000055e5564e75e2 in llvm::User::operator delete (Usr=0x55e55f6ff438) at /usr/local/google/home/tra/work/llvm/repo/llvm/lib/IR/User.cpp:190
  #4  0x000055e5563a0a70 in llvm::ilist_alloc_traits<llvm::Function>::deleteNode (V=0x55e55f6ff438) at /usr/local/google/home/tra/work/llvm/repo/llvm/include/llvm/ADT/ilist.h:42
  #5  0x000055e55639d875 in llvm::iplist_impl<llvm::simple_ilist<llvm::Function>, llvm::SymbolTableListTraits<llvm::Function> >::erase (this=0x55e55f75a3e8, where=...) at /usr/local/google/home/tra/work/llvm/repo/llvm/include/llvm/ADT/ilist.h:269
  #6  0x000055e55637c173 in llvm::Function::eraseFromParent (this=0x55e55f6ff438) at /usr/local/google/home/tra/work/llvm/repo/llvm/lib/IR/Function.cpp:367
  #7  0x000055e5563a4ad5 in llvm::GlobalValue::eraseFromParent (this=0x55e55f6ff438) at /usr/local/google/home/tra/work/llvm/repo/llvm/include/llvm/IR/Value.def:76
  #8  0x000055e5570dd747 in clang::CodeGen::CodeGenModule::applyGlobalValReplacements (this=0x55e55f7a06d0) at /usr/local/google/home/tra/work/llvm/repo/clang/lib/CodeGen/CodeGenModule.cpp:315
  #9  0x000055e5570deb3a in clang::CodeGen::CodeGenModule::Release (this=0x55e55f7a06d0) at /usr/local/google/home/tra/work/llvm/repo/clang/lib/CodeGen/CodeGenModule.cpp:540
  #10 0x000055e5581e5ede in (anonymous namespace)::CodeGeneratorImpl::HandleTranslationUnit (this=0x55e55f79aa40, Ctx=...) at /usr/local/google/home/tra/work/llvm/repo/clang/lib/CodeGen/ModuleBuilder.cpp:287
  #11 0x000055e5581de64e in clang::BackendConsumer::HandleTranslationUnit (this=0x55e55f79a7a0, C=...) at /usr/local/google/home/tra/work/llvm/repo/clang/lib/CodeGen/CodeGenAction.cpp:308
  #12 0x000055e55b063273 in clang::ParseAST (S=..., PrintStats=false, SkipFunctionBodies=false) at /usr/local/google/home/tra/work/llvm/repo/clang/lib/Parse/ParseAST.cpp:175
  #13 0x000055e557ff26ec in clang::ASTFrontendAction::ExecuteAction (this=0x55e55f75aa20) at /usr/local/google/home/tra/work/llvm/repo/clang/lib/Frontend/FrontendAction.cpp:1168
  #14 0x000055e5581da604 in clang::CodeGenAction::ExecuteAction (this=0x55e55f75aa20) at /usr/local/google/home/tra/work/llvm/repo/clang/lib/CodeGen/CodeGenAction.cpp:1172
  #15 0x000055e557ff20ec in clang::FrontendAction::Execute (this=0x55e55f75aa20) at /usr/local/google/home/tra/work/llvm/repo/clang/lib/Frontend/FrontendAction.cpp:1058
  #16 0x000055e557f1b618 in clang::CompilerInstance::ExecuteAction (this=0x55e55f7564c0, Act=...) at /usr/local/google/home/tra/work/llvm/repo/clang/lib/Frontend/CompilerInstance.cpp:1048
  #17 0x000055e5581c35c7 in clang::ExecuteCompilerInvocation (Clang=0x55e55f7564c0) at /usr/local/google/home/tra/work/llvm/repo/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:264
  #18 0x000055e5533464b0 in cc1_main (Argv=llvm::ArrayRef of length 86 = {...}, Argv0=0x7ffd95ce621e "/usr/local/google/home/tra/work/llvm/build/debug/bin/clang-15", MainAddr=0x55e5533305f0 <GetExecutablePath[abi:cxx11](char const*, bool)>)
      at /usr/local/google/home/tra/work/llvm/repo/clang/tools/driver/cc1_main.cpp:251
  #19 0x000055e553331dca in ExecuteCC1Tool (ArgV=llvm::SmallVector of Size 87, Capacity 256 = {...}, ToolContext=...) at /usr/local/google/home/tra/work/llvm/repo/clang/tools/driver/driver.cpp:366
  #20 0x000055e553330aec in clang_main (Argc=87, Argv=0x7ffd95ce4a68, ToolContext=...) at /usr/local/google/home/tra/work/llvm/repo/clang/tools/driver/driver.cpp:407
  #21 0x000055e553369d5d in main (argc=87, argv=0x7ffd95ce4a68) at tools/clang/tools/driver/clang-driver.cpp:15


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D140663/new/

https://reviews.llvm.org/D140663
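
The failure mode described in the comment above, reduced to a self-contained model. This is an added example, not code from the patch, from clang or from the reproducer; `Fn`, `Module`, `HandleMap` and `register_kernel` are hypothetical names. A `std::weak_ptr` stands in for the cached raw pointer so that a stale entry can be observed safely, and re-resolving by name is just one way to refresh the entry, not necessarily the fix adopted in the review.

```cpp
#include <iostream>
#include <map>
#include <memory>
#include <string>
#include <vector>

// Toy stand-ins for IR objects; none of these are LLVM or clang types.
struct Fn { std::string name; int id; };

struct Module {
    std::vector<std::shared_ptr<Fn>> fns;   // the module owns every function
    int next_id = 0;

    std::shared_ptr<Fn> create(const std::string& name) {
        fns.push_back(std::make_shared<Fn>(Fn{name, next_id++}));
        return fns.back();
    }
    std::shared_ptr<Fn> lookup(const std::string& name) const {
        for (const auto& f : fns)
            if (f->name == name) return f;
        return nullptr;
    }
    // Models a replacement step: the old instance holding `name` is
    // destroyed and `repl` takes over the name.
    void replace(const std::string& name, const std::shared_ptr<Fn>& repl) {
        for (auto it = fns.begin(); it != fns.end(); ++it)
            if ((*it)->name == name && *it != repl) { fns.erase(it); break; }
        repl->name = name;
    }
};

// Name-keyed cache of handles. With raw pointers a stale entry would be a
// dangling pointer; weak_ptr makes the same condition show up as "expired".
using HandleMap = std::map<std::string, std::weak_ptr<Fn>>;

// Returns the id the cache resolves to at "registration" time, or -1 when
// the cached entry refers to an object that has already been destroyed.
int register_kernel(bool refresh_after_replace) {
    Module m;
    HandleMap handles;
    handles["kernel"] = m.create("kernel");             // id 0, cached by name
    std::shared_ptr<Fn> repl = m.create("kernel.tmp");  // id 1
    m.replace("kernel", repl);                          // id 0 is destroyed here
    if (refresh_after_replace)
        handles["kernel"] = m.lookup("kernel");         // re-resolve by name
    std::shared_ptr<Fn> live = handles["kernel"].lock();
    return live ? live->id : -1;
}

int main() {
    std::cout << register_kernel(false) << ' ' << register_kernel(true) << '\n';
}
```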


